Query Details
// Remote code execution exploit chain in OpenVPN
// CVE-2024-24974, CVE-2024-27903, CVE-2024-27459, and CVE-2024-1305 are four vulnerabilities affecting OpenVPN prior to version 2.6.10.
// A threat actor could exploit these vulnerabilities to launch arbitrary code with SYSTEM privileges in kernel mode on a target system running a vulnerable version of OpenVPN.
// Many VPN services, network hardware, and other VPN software products implement the open-source OpenVPN system, including ExpressVPN, NordVPN, Surfshark, ProtonVPN, and Tunnelblick.
// All implementations of OpenVPN prior to version 2.6.10 are affected by these vulnerabilities, including downstream software and hardware.
// KQL to check DeviceTvmSoftwareInventory for any impacted endpoints:
DeviceTvmSoftwareInventory
| where SoftwareVendor contains "vpn"
    or SoftwareVendor contains "Surfshark"
    or SoftwareVendor contains "tunnelblick"
This query is designed to identify devices that might be vulnerable to a set of critical security flaws in OpenVPN. Here's a simple summary:
Context: There are four serious vulnerabilities (CVE-2024-24974, CVE-2024-27903, CVE-2024-27459, and CVE-2024-1305) in OpenVPN versions before 2.6.10. These vulnerabilities can allow attackers to run malicious code with high-level system privileges.
Impact: Many popular VPN services and software products, such as ExpressVPN, NordVPN, Surfshark, ProtonVPN, and Tunnelblick, use OpenVPN and are affected if they are running a version prior to 2.6.10.
Purpose of the Query: The query checks the inventory of software on devices to find any that might be running vulnerable versions of OpenVPN or related VPN software.
How it Works: The query searches the DeviceTvmSoftwareInventory table for any software whose vendor name contains "vpn", "Surfshark", or "tunnelblick".
In essence, this query helps identify devices that could be at risk due to these specific OpenVPN vulnerabilities.
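The vendor-name sweep above finds candidate devices but does not look at the installed version, and it misses products whose vendor field contains none of the three strings (a vendor recorded as "Proton AG" or "Nord Security", for example). The following query is an added example, not part of the original submission: it pairs a direct lookup of the four CVEs in the DeviceTvmSoftwareVulnerabilities table with a version comparison against 2.6.10 for OpenVPN itself. It assumes the standard column names of the two Defender advanced hunting tables (DeviceId, DeviceName, SoftwareVendor, SoftwareName, SoftwareVersion, CveId); the vendor/product strings it matches on are assumptions about how the inventory records OpenVPN.

```kql
// Added example, not the page's own query.
// Check 1: direct match on the four CVEs named on the page. This covers
// whatever products Defender Vulnerability Management has mapped to them,
// including downstream VPN clients that bundle OpenVPN.
let OpenVpnCves = dynamic(["CVE-2024-24974", "CVE-2024-27903", "CVE-2024-27459", "CVE-2024-1305"]);
let ByCve = DeviceTvmSoftwareVulnerabilities
    | where CveId in (OpenVpnCves)
    | project DeviceId, DeviceName, SoftwareVendor, SoftwareName, SoftwareVersion, Source = "CVE match";
// Check 2: version comparison for OpenVPN itself. Only the OpenVPN
// client/service version is comparable to 2.6.10; downstream products carry
// their own version numbers, so they are deliberately excluded here.
// The "openvpn" vendor/name strings are an assumption about inventory naming.
// Rows whose version string cannot be parsed are kept for manual review
// rather than silently dropped.
let ByVersion = DeviceTvmSoftwareInventory
    | where SoftwareName =~ "openvpn" or SoftwareVendor has "openvpn"
    | extend Parsed = parse_version(SoftwareVersion)
    | where isnull(Parsed) or Parsed < parse_version("2.6.10")
    | project DeviceId, DeviceName, SoftwareVendor, SoftwareName, SoftwareVersion, Source = "version < 2.6.10";
// One row per device/software pair, listing which check(s) flagged it.
union ByCve, ByVersion
| summarize Sources = make_set(Source) by DeviceId, DeviceName, SoftwareVendor, SoftwareName, SoftwareVersion
| order by DeviceName asc
```

Devices flagged only by the version check but absent from the CVE match are worth a second look: either the inventory has a version string the vulnerability assessment did not recognise, or the install is a bundled copy that the CVE mapping does not yet cover. Remediation in both cases is the same as the page states: update to OpenVPN 2.6.10 or later, or to the downstream product release that ships it.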

Steven Lim
Released: August 2, 2024